zuruck zur Themenseite

Articles and background information on the topic

Red Hat Report

Andrea Gillhuber,

Cloud security often inadequate

According to Red Hat's "State of Cloud-native Security" Report 2026, 97% of the companies surveyed with hybrid cloud environments reported security incidents within a year. This is based on data from around 600 IT specialists.

© Red Hat

The causes are predominantly internal weaknesses such as misconfigurations or unpatched container images, rather than complex external attacks. The consequences range from increased effort in analysis and remediation to delayed releases and loss of productivity. 92% report noticeable effects.

Gap between self-perception and actual security approaches

Many security problems in the hybrid cloud result from the company's own omissions and negligence. © Red Hat

There is a gap between self-image and actual security level: 56% see themselves as "proactive", but only 39% have a mature, well-defined cloud-native security strategy. Technical measures such as signature checks, runtime protection or automated guidelines can only be found in half of the companies.

The majority of companies consider themselves to be proactive, but this is not reflected in their security strategies. © Red Hat

Nevertheless, the majority of companies are attempting to take countermeasures: more than 60% are planning to invest in the automatic protection of their CI/CD pipelines in the next one to two years in order to implement a "security as code" approach and minimize human error. 56% want to invest in supply chain security and 54% in runtime protection for applications that detects and stops active threats such as cryptojacking or incorrect behavior of containers in real time.

Generative AI causes concern

Although companies are aware of the security challenges of GenAI, there is a lack of usage guidelines and governance frameworks in many places. © Red Hat

Generative AI (GenAI) continues to be a major concern for companies, with 96% considering its use in cloud environments to be questionable. They fear the disclosure of sensitive data, the use of unauthorized tools (shadow AI) and the integration of insecure third-party AI services. Despite these fears, 59% of companies do not have documented internal guidelines on AI use or governance frameworks.

Advertisement
  • Xing Icon
  • LinkedIn Icon
Advertisement
Back to topic page
Advertisement

You might also be interested in

Advertisement
Advertisement
Advertisement
Advertisement

B&R

CRA guide for Powerlink checked

TÜV Rheinland has audited the "CRA Guide for Powerlink" from B&R. The guide is one of the first independently audited technical documentations for the implementation of the EU Cyber Resilience Act in automation.

read more...
Advertisement
Advertisement
Advertisement
Subscribe to our newsletter
Advertisement
Back to home